ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

advapi32: Add some more tests for AccessCheck that determine what 

token impersonation levels it accepts and to show that it doesn't
accept primary tokens.
This commit is contained in:
Rob Shearman 2007-02-15 16:25:20 +00:00 committed by Alexandre Julliard
parent 3f8215d214
commit 4ea7535497
1 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
dlls/advapi32/tests/security.c
View File

@ -659,6 +659,7 @@ static void test_AccessCheck(void)
ACCESS_MASK Access;
BOOL AccessStatus;
HANDLE Token;
HANDLE ProcessToken;
BOOL ret;
DWORD PrivSetLen;
PRIVILEGE_SET *PrivSet;
@ -716,13 +717,13 @@ static void test_AccessCheck(void)
PrivSet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, PrivSetLen);
PrivSet->PrivilegeCount = 16;
ImpersonateSelf(SecurityImpersonation);
res = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE|TOKEN_QUERY, &ProcessToken);
ok(res, "OpenProcessToken failed with error %d\n", GetLastError());
pRtlAdjustPrivilege(SE_SECURITY_PRIVILEGE, FALSE, TRUE, &Enabled);
ret = OpenThreadToken(GetCurrentThread(),
TOKEN_QUERY, TRUE, &Token);
ok(ret, "OpenThreadToken failed with error %d\n", GetLastError());
res = DuplicateToken(ProcessToken, SecurityIdentification, &Token);
ok(res, "DuplicateToken failed with error %d\n", GetLastError());
/* SD without owner/group */
SetLastError(0xdeadbeef);
@ -802,7 +803,30 @@ static void test_AccessCheck(void)
trace("Couldn't get SE_SECURITY_PRIVILEGE (0x%08x), skipping ACCESS_SYSTEM_SECURITY test\n",
ret);
RevertToSelf();
CloseHandle(Token);
res = DuplicateToken(ProcessToken, SecurityAnonymous, &Token);
ok(res, "DuplicateToken failed with error %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = AccessCheck(SecurityDescriptor, Token, MAXIMUM_ALLOWED, &Mapping,
PrivSet, &PrivSetLen, &Access, &AccessStatus);
err = GetLastError();
todo_wine {
ok(!ret && err == ERROR_BAD_IMPERSONATION_LEVEL, "AccessCheck should have failed "
"with ERROR_BAD_IMPERSONATION_LEVEL, instead of %d\n", err);
}
CloseHandle(Token);
SetLastError(0xdeadbeef);
ret = AccessCheck(SecurityDescriptor, ProcessToken, KEY_READ, &Mapping,
PrivSet, &PrivSetLen, &Access, &AccessStatus);
err = GetLastError();
ok(!ret && err == ERROR_NO_IMPERSONATION_TOKEN, "AccessCheck should have failed "
"with ERROR_NO_IMPERSONATION_TOKEN, instead of %d\n", err);
CloseHandle(ProcessToken);
if (EveryoneSid)
FreeSid(EveryoneSid);